The culture shift in your DevOps environment

The culture shift in your DevOps environment

With the continual vulnerabilities being exploited in applications today it’s important to shed some more light in this area. Many developers and senior tech leaders haven’t yet made the mental switch from “DevOps” to “DevSecOps,” despite some nudging within the tech community and the tech media. What does it take to make a global movement? Hopefully, it won’t take another Heartbleed vulnerability that we experienced a few years ago. This is just one of many we all have seen one too many times.

In the theme of security, we recently discussed incident response plans. Taking this a step further, the focus will be on the security around DevOps.

So, what is DevSecOps? Essentially, it is the idea of incorporating best security practices in the DevOps practice. It is a practice that security and engineering teams need to build into their DNA, collaboratively. This just doesn’t mean when teams feel like it. It means building security right from the start and through the entire process until delivery of the final product. This shift must broaden DevOps strengths to software security.

Building that security foundation

The Scrum framework and Agile methodology are great and should continue to look at efficiencies within the DevOps process. Much of these processes were developed with speed and quality in mind. Initially however, security had been an afterthought and as more vulnerabilities arose, management realized the deep flaw. It’s important we all acknowledge that we need to start building in a little time for security, starting on the front-end. Many developers and project managers are doing this now, but it’s important that the delivery expectations are set at the customer level as well.

So, we have the traditional DevOps and even SecOps, so when will DevSecOps be commonplace?  SecOps evolved from good collaboration between the security and operations teams. Additionally, SecOps ensures that organizations don’t cut corners around security to accomplish operating goals and uptime.

We all know that in our regular dev cycle, starting with requirements and design, security is an afterthought. The good news is SecOps is having influence on the early stages of the software development life cycle (SDLC). As mentioned, a bit earlier, adding security characteristics earlier in the development cycle may pose some challenges in delivery times. Thus, the development and operations teams must work closely to streamline these practices, which includes bringing security in at the beginning of the development cycle. It’s all in the planning.

Leave a comment

Contact Us


    Please use this form to contact us or email us at [email protected]

    Address

    Singapore CBD

    Phone-no

    +65 8714 2780